SSO into YF from our web app

Zack Wilson shared this question 4 months ago
Completed

We are seeking an example URL for SSO using the REST, JavaScript, or SOAP feature to SSO into YF from our web app.

We were wanting to pass in a user id or username and create a JWT token passing the user to our yellowfin instance without a password. We cannot seem to get it to work without sending in a password. We are not sure where we are going wrong.


Thanks!

Replies (9)

photo
1

Hi Zack,

Thanks for reaching out. We have some example login code on our wiki, see here-

https://wiki.yellowfinbi.com/pages/viewpage.action?pageId=146669898

There is the configuration parameter to consider with the"no password" setup, see here-

https://wiki.yellowfinbi.com/display/yfcurrent/Single+Sign+on

Hope this helps, let me know if you need anything additionally.

Thanks,
Eric

photo
1

Hi Zack,

Just wanted to check in to make sure you had what you needed here.

Thanks,
Eric

photo
1

Eric,

We were trying to investigate and see if we could get it to work and I had a family emergency that put everything on pause. I should be able to get more information next week and see if we can figure it out.

Where we were we were trying to figure out which approach we were supposed to take that would allow us to overlook a password (not have to insert a password) in order to log into YF via our portal. When we tried to create an sso token we were getting this error:

 YF:2024-08-26 12:31:11:ERROR (RESTService) - [274918] [Background] [/api/rpc/login-tokens/create-sso-token] com.hof.mi.web.service.WebserviceException
com.hof.mi.web.service.WebserviceException: null
  at com.hof.mi.web.service.YellowfinWebService.authenticate(YellowfinWebService.java:963) ~[i4-mi.9.12 (20240626)]
  at com.hof.mi.webservices.process.WebserviceSSOService.authenticateUserLogin(WebserviceSSOService.java:60) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.process.SSOnTokenRPCProcess.W(SSOnTokenRPCProcess.java:36) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.process.SSOnTokenRPCProcess.verifyLoginCredentials(SSOnTokenRPCProcess.java:49) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.process.LoginTokenAPIProcess.getData(LoginTokenAPIProcess.java:59) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.process.LoginTokenAPIProcess.getData(LoginTokenAPIProcess.java:29) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.process.AbstractContentAPIProcess.loadRESTResponse(AbstractContentAPIProcess.java:145) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.TokenService.A(TokenService.java:263) ~[i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.framework.RESTService.doStandardRequest(RESTService.java:451) [i4-mi.9.12 (20240626)]
  at bi.yellowfin.api.rest.auth.token.TokenService.createSSOLoginTokenRPC(TokenService.java:260) [i4-mi.9.12 (20240626)]
  at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
  at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
  at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
  at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
  at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) [spring-web-5.3.34.5.3.34]
  at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) [spring-web-5.3.34.5.3.34]
  at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:903) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:809) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.3.34.5.3.34]
  at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) [spring-webmvc-5.3.34.5.3.34]
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) [servlet-api.4.0.FR]
  at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.3.34.5.3.34]
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) [servlet-api.4.0.FR]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at com.hof.servlet.CSSScopingFilter.doFilter(CSSScopingFilter.java:53) [i4-core.9.12 (20240626)]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at com.hof.servlet.SessionTimeoutFilter.doFilter(SessionTimeoutFilter.java:69) [i4-core.9.12 (20240626)]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at com.hof.servlet.CORSHeaderFilter.doFilter(CORSHeaderFilter.java:49) [i4-core.9.12 (20240626)]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at com.hof.servlet.RequestBodyFilter.doFilter(RequestBodyFilter.java:38) [i4-core.9.12 (20240626)]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-websocket.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at com.hof.servlet.BrowserHeaderFilter.doFilter(BrowserHeaderFilter.java:43) [i4-core.9.12 (20240626)]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.17.1.2.17.1]
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [catalina.9.0.85]
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [catalina.9.0.85]
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [catalina.9.0.85]
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.9.0.85]
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:596) [catalina.9.0.85]
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [catalina.9.0.85]
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.9.0.85]
  at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670) [catalina.9.0.85]
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.9.0.85]
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.9.0.85]
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-coyote.9.0.85]
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.9.0.85]
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) [tomcat-coyote.9.0.85]
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794) [tomcat-coyote.9.0.85]
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-coyote.9.0.85]
  at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.9.0.85]
  at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.9.0.85]
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.9.0.85]
  at java.lang.Thread.run(Thread.java:829) [?:?]

Thanks,

Zack

photo
1

Hi Zack,

Thanks for the update, were you able to confirm the necessary config DB entry exists in the system?

if you're able to provide full logs preferably with DEBUG enabled, along with browser console HAR logs, we can do some additional troubleshooting on this. Assistance with new SSO setups is normally covered by our consulting partners, do you know whether your organization has any time available currently?

Thanks,

Eric

photo
1

Eric,

Yes. I believe I added the config DB entry when we were doing SSO with SOAP to an iframe.

We do not have any hours. Do you still want me to try to get the DEBUG and HAR logs?


Thanks,

Zack

photo
1

Hi Zack,

Logs would be the next best thing to hours at this point, happy to take a look as a next step here.

Thanks,
Eric

photo
1

Hi Zack,

Just wanted to check in to see if you were able to get the additional troubleshooting info on this.

Thanks,

Eric

photo
1

Hi Zack,

I'm going to go ahead and mark this ticket as Completed due to inactivity at this time. Feel welcome to reach out in the future.

Thanks,

Eric

photo
1

Eric,

I apologize. I am trying to coordinate with our in-house developer... It has been difficult with family emergencies and company priorities. However, I am hoping in the next week or so to revisit this.


Thanks,

Zack

Leave a Comment
 
Attach a file